Completely being a pedantic web developer/backend guy here… “Encrypting” the phone number isn’t the fix. You can’t really “encrypt” data in the web browser if it is meant to be viewed at some point (esoteric and unnecessary JavaScript hoop jumping excluded). The backend should never have INCLUDED that information in the web page source code.
The proper place to “validate” permissions is on the backend, NEVER on the front-end. By then, it’s too late.
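The point made in the comment above, as an added example that is not part of the original comment: a page renderer that ships the phone number and hides it in the browser, next to one that applies the permission check on the backend so the field never reaches the page source. The user records, the friends-only policy and all function names are assumptions made for illustration.

```javascript
// Added example: constructed data, hypothetical names throughout.
const USERS = {
  1: { id: 1, name: "Alice Example", phone: "+1-555-0100", friends: [2] },
  2: { id: 2, name: "Bob Example", phone: "+1-555-0101", friends: [1] },
  3: { id: 3, name: "Carol Example", phone: "+1-555-0102", friends: [] },
};

// Hypothetical policy: only the owner or a listed friend may see the phone number.
function canViewPhone(viewerId, profile) {
  return viewerId === profile.id || profile.friends.includes(viewerId);
}

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Before: the backend sends the number to every viewer and relies on the
// browser to hide it. It is still present in the page source.
function renderProfileClientGated(viewerId, profileId) {
  const p = USERS[profileId];
  const allowed = canViewPhone(viewerId, p);
  return `<h1>${escapeHtml(p.name)}</h1>` +
    `<span id="phone" data-phone="${escapeHtml(p.phone)}"` +
    `${allowed ? "" : ' style="display:none"'}>${escapeHtml(p.phone)}</span>`;
}

// After: the permission check decides which fields exist in the response at all.
function profileViewFor(viewerId, profileId) {
  const p = USERS[profileId];
  if (!p) return null;
  const view = { id: p.id, name: p.name };
  if (canViewPhone(viewerId, p)) view.phone = p.phone;
  return view;
}

// The template can only render what the filtered view contains.
function renderProfileServerGated(viewerId, profileId) {
  const v = profileViewFor(viewerId, profileId);
  if (!v) return "<h1>Not found</h1>";
  const phone = "phone" in v ? `<span id="phone">${escapeHtml(v.phone)}</span>` : "";
  return `<h1>${escapeHtml(v.name)}</h1>${phone}`;
}
```

Building the template from the filtered view object, not from the database record, means a later template change cannot reintroduce the field for viewers who fail the check.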